<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title></title>
	<link rel="stylesheet" type="text/css" href="http://paranoid.net.cn/semantic.css" >
</head>
<body>
<section-title-en>3.5 Privileged Software Attacks</section-title-en>
<section-title-ch>3.5 特权软件攻击</section-title-ch>
<p-en>
	The rest of this section points to successful exploits that execute at each of the privilege levels described in §2.3, motivating the SGX design decision to assume that all the privileged software on the computer is malicious. [163] describes all the programmable hardware inside Intel computers, and outlines the security implications of compromising the software running it.
</p-en>
<p-ch>
	本节其余部分指出了在§2.3中描述的每个特权级别上执行的成功漏洞，促使SGX设计决定假设计算机上所有的特权软件都是恶意的。[163]描述了英特尔计算机内部所有的可编程硬件，并概述了危害运行它的软件的安全影响。
</p-ch>
<p-en>
	SMM, the most privileged execution level, is only used to handle a specific kind of interrupts (§2.12), namely System Management Interrupts (SMI). SMIs were initially designed exclusively for hardware use, and were only triggered by asserting a dedicated pin (SMI#) in the CPU's chip package. However, in modern systems, system software can generate an SMI by using the LAPIC's IPI mechanism. This opens up the avenue for SMMbased software exploits.
</p-en>
<p-ch>
	SMM是最有特权的执行层，只用来处理一种特殊的中断(§2.12)，即系统管理中断(SMI)。SMI最初是专门为硬件设计的，只有在CPU的芯片封装中，通过断言一个专用引脚（SMI#）才能触发。然而，在现代系统中，系统软件可以通过使用LAPIC的IPI机制来产生SMI。这就为基于SMM的软件利用提供了途径。
</p-ch>
<p-en>
	The SMM handler is stored in System Management RAM (SMRAM) which, in theory, is not accessible when the processor isn't running in SMM. However, its protection mechanisms were bypassed multiple times [44, 114, 164, 189], and SMM-based rootkits [49, 186] have been demonstrated. Compromising the SMM grants an attacker access to all the software on the computer, as SMM is the most privileged execution mode.
</p-en>
<p-ch>
	SMM处理程序存储在系统管理RAM(SMRAM)中，理论上，当处理器不在SMM中运行时，它是不可访问的。然而，它的保护机制被多次绕过[44，114，164，189]，基于SMM的rootkits[49，186]已经被证明。由于SMM是最有特权的执行模式，因此破坏SMM可以让攻击者访问计算机上的所有软件。
</p-ch>
<p-en>
	Xen [200] is a very popular representative of the family of hypervisors that run in VMX root mode and use hardware virtualization. At 150,000 lines of code [11], Xen's codebase is relatively small, especially when compared to a kernel. However, Xen still has had over 40 security vulnerabilities patched in each of the last three years (2012-2014) [10].
</p-en>
<p-ch>
	Xen[200]是在VMX根模式下运行并使用硬件虚拟化的管理程序家族中非常流行的代表。Xen的代码只有15万行[11]，Xen的代码库相对较小，尤其是与内核相比。然而，Xen在过去三年（2012-2014年）中，每年仍有超过40个安全漏洞被修补[10]。
</p-ch>
<p-en>
	[136] proposes using a very small hypervisor together with Intel TXT's dynamic root of trust for measurement (DRTM) to implement trusted execution. [183] argues that a dynamic root of trust mechanism, like Intel TXT, is necessary to ensure a hypervisor's integrity. Unfortunately, the TXT design requires an implementation complex enough that exploitable security vulnerabilities have creeped in [190, 191]. Furthermore, any SMM attack can be used to compromise TXT [188].
</p-en>
<p-ch>
	[136]提出使用一个非常小的hypervisor与英特尔TXT的动态信任根的测量（DRTM）一起实现可信执行。[183]认为，像英特尔TXT这样的动态信任根机制对于确保管理程序的完整性是必要的。不幸的是，TXT的设计需要一个足够复杂的实现，以至于可利用的安全漏洞已经悄然而至[190，191]。此外，任何SMM攻击都可以用来破坏TXT[188]。
</p-ch>
<p-en>
	The monolithic kernel design leads to many opportunities for security vulnerabilities in kernel code. Linux is by far the most popular kernel for IaaS cloud environments. Linux has 17 million lines of code [16], and has had over 100 security vulnerabilities patched in each of the last three years (2012-2014) [8, 33].
</p-en>
<p-ch>
	宏内核设计导致内核代码存在很多安全漏洞的机会。Linux是目前IaaS云环境中最流行的内核。Linux有1700万行代码[16]，在过去三年（2012-2014年）每年都有超过100个安全漏洞被修补[8，33]。
</p-ch>


</body>
</html>	